[strongSwan] ubuntu nm-applet faild

Noel Kuntze noel at familie-kuntze.de
Fri Mar 10 23:14:55 CET 2017 

On 10.03.2017 04:18, Alexander wrote:
> Hi  Andreas,
> 
> I'm set up a VPS on amazon EC2 ubuntu16.04, now I can use Win7 and WIn10 and IOS 10.2.1( IPSec Cisco type) to connect this VPS sucessfully, but  vpnc or Cisco AnyConnect, failed
> 
> 
> VPS Ubuntu16.04.02    client Ubuntu16.04.02 
> 
> ==================================================================================================
> VPS configure
> config setup
>     strictcrlpolicy=no
>     uniqueids=never
> conn %default
>     dpdaction=clear
>     dpddelay=35s
>     dpdtimeout=300s
> 
> conn IKEv1-PSK_XAUTH
>     keyexchange=ikev1
>     fragmentation=yes
>     #left -- local(server) side
>     left=%any
>     leftauth=psk
>     leftsubnet=0.0.0.0/0
>     #right -- remote(client) side
>     right=%any
>     rightauth=psk
>     rightauth2=xauth
>     rightsourceip=10.31.2.0/24
>     auto=add

Set xauth = server

> 
> ==============================================================================================================================
> strongswan NetworkManager Applet 1.4.1 will cause NetworkManager coruption,  and I noticed that compile networkmanager applet must configure use a --prefix=/usr option, for working with networkmanager. and this applet can only support cert and eap type, didn't support anyother type.

Probably because your version of NM is too old.
Obviously, the settings you pass to ./configure must correspond to your filesystem hierarchie.
I strongly recommend packaging the software with your distro's package format to make sure you can cleanly
uninstall and upgrade.

> ==============================================================================================================================
> Cisco AnyConnect Client failed, and even this program cann't display many configure options, it's just show server option, user
> account or password option can't saw

IIRC Cisco AnyConnect can't be used with strongSwan, because it sends some proprietary extensions and data to strongSwan
that it doesn't (and maybe can't) support. I think it at least wants to get some data back that it previously sends
in an IKE message or something like that. It's somewhere on the ML, I think.-- 

Mit freundlichen Grüßen/Kind Regards,
Noel Kuntze

GPG Key ID: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 866 bytes
Desc: OpenPGP digital signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20170310/617ff037/attachment.sig>

More information about the Users mailing list